BlackBerry Certifications

BlackBerry® software, devices and management systems have undergone rigorous evaluations by leading independent certification bodies. For demanding customers in government, defense, intelligence, regulated and other industries where compliance is critical, our certifications provide an assurance of quality, reliability and security that only BlackBerry can deliver. Learn about some of the key certifications BlackBerry has obtained in the summaries below.

ISO 9001

ISO 9001 is the most widely adopted international quality standard with over 1.1 million certificates issued worldwide. BlackBerry has been certified to ISO 9001 since 2005. The standard is based on a number of quality management principles which include having a strong customer focus, organizational leadership driving quality engagement, using the process approach and continual improvement.

ISO 27001

ISO/IEC 27001 provides a model for establishing an information security management system (ISMS), which aligns people, resources, and controls to create a series of measurable security practices that protect information assets. BlackBerry has an established record of integrating secure practices. In 2002, BlackBerry was one of the first organizations in North America to receive accreditation against the BS7799 Security Standard. This standard was later adopted by the International Standards Organization as ISO/IEC 27001:2005 and, most recently, ISO/IEC 27001:2013.

FedRAMP

The Federal Risk and Authorization Management Program, or FedRAMP, is a US government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP is the result of close collaboration with cybersecurity and cloud experts from the General Services Administration (GSA), National Institute of Standards and Technology (NIST), Department of Homeland Security (DHS), Department of Defense (DOD), National Security Agency (NSA), Office of Management and Budget (OMB), the Federal Chief Information Officer (CIO) Council and its working groups, as well as private industry.

NIAP

The National Information Assurance Partnership (NIAP) is responsible for U.S. implementation of the Common Criteria, including management of the NIAP Common Criteria Evaluation and Validation Scheme (CCEVS) validation body. NIAP also works with NATO and international standards bodies (ISO) to share Common Criteria evaluation experiences and avoid duplication of effort. In the U.S., NIAP engages with other National Security Systems (NSS) users to ensure Protection Profiles, along with their associated DoD Annexes, provide a streamlined certification path for IA and IA-enabled COTS products employed with NSS.

Cyber Essentials

Cyber Essentials is a cyber security standard developed under the auspices of the Communications-Electronics Security Group (CESG), the information security arm of Government Communications Headquarters (GCHQ) in the United Kingdom. It identifies the security controls that an organization must have in place within its IT systems in order to have confidence that it is addressing cyber security effectively and mitigating the risk from Internet-based threats.

NATO Restricted

Certificate of Networthiness (CoN) and Authority to Operate (ATO)

The Networthiness Certification Program manages the specific risks and impacts associated with the fielding of Information Systems (ISs) and supporting efforts, requires formal certification throughout the life cycle of all ISs that use the Information Technology (IT) infrastructure, and sustains the health of the US Army Enterprise Infrastructure.

Common Criteria EAL4+

Common Criteria assesses the design and implementation of security-sensitive products and provides assurance that the specification, implementation, and evaluation of each solution have been thoroughly analyzed. EAL4+ is the highest certification level recognized internationally under the Common Criteria program, and is frequently conducted for products that are deployed in environments handling sensitive government data.

FIPS 140-2

The Cryptographic Module Validation Program (CMVP), headed by the National Institute of Standards and Technology (NIST), provides module and algorithm testing for FIPS 140-2, which applies to Federal agencies using validated cryptographic modules to protect sensitive government data in computer and telecommunication systems. The FIPS 140-2 standard is mandated by law in the U.S. and very strictly enforced in Canada, for all products used in security systems that process sensitive but unclassified information. FIPS 140-2 validation provides product users with a high degree of security, assurance, and dependability.

IEC 61508 Safety Integrity Level 3 (SIL3)

The QNX® OS for Safety is certified to meet the requirements of International Electrotechnical Commission (IEC) standard 61508 Safety Integrity Level 3 (SIL3). IEC 61508 is an international standard for the functional safety of electronic systems, and offers a very high level of reliability and risk reduction when used in safety-critical systems for transportation, energy generation, process control, and other industries.
